Gen Z’s Rising Susceptibility to Social Engineering Attacks – Source: securityboulevard.com

Designed to exploit human behavior and our fallible natures, social engineering attacks are surging for a simple reason: It’s far easier to con and compromise an employee and steal the keys to the kingdom rather than trying to hack or subvert advanced cybersecurity controls that require specialized skills and resources. Recently, researchers discovered that a specific set of demographics is more susceptible to social engineering than others. Nope, it’s not baby boomers, but Generation Z. 

What Makes Gen Z More Susceptible to Social Engineering? 

Gen Z, or individuals born between 1997 and 2012, have certain types of lifestyles, upbringings and character traits that make them ideal for social engineering exploitation. Let’s understand these main reasons: 

Digital complacency: Gen Zs are called “digital natives” for a reason — they’ve grown up playing online video games, are adept with smartphones practically right out of the womb and champion multiple social media accounts. However, this online savviness creates biases, overconfidence and complacency — traits that tend to make Gen Z dismiss warning signs, or overlook red flags, falsely believing that they are unlikely to be targeted and victimized by scammers.  

Too cool for school: Gen Z is three times more likely to fall for online scams in comparison to seniors (baby boomers). They are also easy prey to synthetic media such as voice cloning.

Hyper-connected and impulsive: Gen Z spends an average of five and a half hours a day on social media apps like Instagram, Snapchat and TikTok. They are used to making quick and impulsive decisions, not permitting enough time to properly evaluate a suspicious transaction, or to pause long enough to identify a potential scam. Threat actors exploit this impulsive behavior by crafting sensationalistic headlines (clickbait) that feed upon what’s trending online, shilling false narratives and false identities to solicit an instant response or connection. 

Excessive trust in online environments: Gen Z tends to liberally post sensitive details online, such as personal information like birthdays, party photographs, location check-ins, relationship status updates, etc. Some 52% of Gen Z users are known to use private details like DOB or pet names for their passwords. 82% connect to insecure public Wi-Fi without giving it a second thought. Gen Zs are also more likely to submit sensitive work information to AI tools. 

Limited cyber literacy: Despite being so-called digital natives, younger generations care less about following cybersecurity protocols. Sometimes they cut corners with security for the sake of productivity. Gen Z lacks preparedness in identifying phishing attempts — one of the most prevalent social engineering tactics. Only 31% feel confident about identifying phishing URLs; 72% even admit to opening an unfamiliar phishing URL at work. 72% of Gen Zs also admit that they like to reuse passwords.  

What Can Organizations Do to Mitigate Gen Z-related Social Engineering Threats? 

Gen Zs pose a significant risk to organizations for one simple reason: By 2030, the generation will comprise 30% of the U.S. workforce. By leveraging best practices, organizations can significantly reduce social engineering risks. 

1. Tailored learning programs: Old school training may not work with Gen Z. It’s important to tailor training programs around their unique characteristics and preferences. For example, offering bite-sized content instead of lengthy presentations; delivering training in a mobile-friendly format that’s fun and engaging, such as gamification, memes and dynamic TikTok-style videos.
    
2. Customized simulation exercises: Leverage phishing simulation tools to train the muscle memory and promote security habits. For Gen Z specifically, organizations can implement phishing simulations that mimic real-world attacks. For example, fake identities or DMs on Instagram, malicious Facebook comments (“click this link!”), phishing emails from Netflix accounts, deepfakes of famous athletes and celebrities.
    
3. Collaboration and mentorship: Bridge the security awareness gap by pairing Gen Z employees with veteran employees and mentors that will share their wisdom, insights and stories, offer support and serve as role models. Foster a culture of community and collaboration. This can not only help in normalizing cybersecurity conversations but also bolster a positive culture of cybersecurity.  

Gen Z’s susceptibility to social engineering is an issue that’s deeply rooted in their digital savvy and personal characteristics. Addressing this challenge requires tailoring security awareness programs, modeling phishing simulations around current cultural touchpoints and encouraging collaboration, partnership and mentorship. The idea is to influence healthy security habits while advocating for a culture of accountability and vigilance.